How do I know if a site is vulnerable to the Heartbleed bug?

0

So, I was thinking I should probably start changing my passwords after hearing all the talk about the Heartbleed bug. However, I then started thinking, what is the point of changing my password at a given site, if it is still vulnerable to Heartbleed?

So, I'm guessing it only makes sense to change my password at a site that is no longer vulnerable, but how can I determine if that is the case?

phaz

Posted 2014-04-12T19:30:09.513

Reputation: 288

Answers

1

Just enter the website you want to check here.

This site tells you if the checked site is still vulnerable.

Peter Lamby

Posted 2014-04-12T19:30:09.513

Reputation: 362

Thanks for the answer! Can you confirm that the test actually works and is not just returning negatives all the time? I mean, all sites I've tried have (not surprisingly) been negative. Is there a site around that is still vulnerable, that I can test? – phaz – 2014-04-12T19:56:59.723

1

The author has a vulnerable site (ec2-54-81-196-192.compute-1.amazonaws.com:4433) for testing purposes. You can find it in the FAQ. In the FAQ you can also find a link to the Go source code.

– Peter Lamby – 2014-04-12T20:01:47.017

2

There is also a Chrome extension that checks visited sites for the vulnerability. For Firefox there is also an extension available.

If you are using LastPass, they will notify you as soon as the website is no longer affected by Heartbleed and has changed the SSL certificates.

Square

Posted 2014-04-12T19:30:09.513

Reputation: 21

Thanks for the answer. I wish I could accept your answer as well, but since I can only choose one, I chose Peter's since it doesn't require installing anything. :-) – phaz – 2014-04-12T19:52:17.947

1

Someone has already posted the original Heartbleed test website, and Filippo is awesome for open sourcing it, so you should support him. We actually use part of his test code to power our site.

I worked with a team to set up a site that has a few more features than just seeing if the website is currently vulnerable. We stored the public key of all of the SSL certs of the top 1 million websites and are checking to see that they are changing their certs as well as if they are still vulnerable to Heartbleed. We also have some stats on how many sites that we've tested are still vulnerable. Currently it's about 9%.

As with Filippo's website, you can test your own site to see if it's vulnerable. It is heartbleedstatus.com

(Disclosure: as stated above, I was on the team to create this site.)

Jacob

Posted 2014-04-12T19:30:09.513

Reputation: 1 614
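
The certificate check described in the answer above hinges on comparing public keys rather than whole certificates: a certificate reissued with the same key pair has a new fingerprint but still depends on a private key that may have leaked. The following Go sketch is an added example, not code from heartbleedstatus.com or Filippo's tester; the function names are hypothetical and the certificates are constructed, self-signed samples for `example.test`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// rekeyed: true when the two certs carry different public keys (SHA-256 over SPKI).
func rekeyed(baseline, current *x509.Certificate) bool {
	return sha256.Sum256(baseline.RawSubjectPublicKeyInfo) != sha256.Sum256(current.RawSubjectPublicKeyInfo)
}

// newKey generates a throwaway Ed25519 key for the constructed sample certs.
func newKey() ed25519.PrivateKey {
	_, k, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue builds a constructed self-signed certificate (sample data, not a real site's).
func issue(host string, serial int64, key ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	oldKey := newKey()
	before := issue("example.test", 1, oldKey)   // baseline stored before the fix
	reissued := issue("example.test", 2, oldKey) // new certificate, same key pair
	replaced := issue("example.test", 3, newKey())
	fmt.Println(rekeyed(before, reissued), rekeyed(before, replaced))
}
```

In a real check the baseline would be the certificate recorded while the site was still vulnerable, and the current one would be whatever the server presents now.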